Kaspersky experts have conducted a study to test the resistance of passwords to intelligent guessing and brute-force attacks. The study covered 193 million passwords found publicly available on various darknet sources.

The results showed that about 87 million passwords (45% of the sample) could be cracked within 1 minute. A further 27 million passwords (14%) took between 1 minute and 1 hour to crack. Only 23% (44 million) of the passwords were considered secure, because cracking them would take more than 1 year.

A user is logging into his Facebook account. Photo: Trong Dat

Notably, the majority of passwords (57%) contained a word that could easily be found in a dictionary, significantly reducing password strength.

The most common strings fall into three groups: people's names (ahmed, nguyen, kumar, kevin, daniel), common words (forever, love, google, hacker, gamer), and standard passwords (password, qwerty12345, admin, 12345, team).

The analysis found that only 19% of passwords contained a strong combination of characters, including a non-dictionary word, upper and lower case letters, numbers, and symbols. However, even with these passwords, 39% of them could be guessed by smart algorithms in less than an hour.

From this data, the experts conclude that most of the passwords people use are not strong enough to be secure. This unintentionally makes it easy for attackers to break into accounts. With tools that guess passwords by trying character combinations, attackers do not even need specialized knowledge or advanced equipment to crack them.

To increase password strength, users should use separate passwords for different services. This way, even if one account is hacked, the others are still safe.

Users should avoid using personal information such as birthdays, family members, pets, or nicknames as passwords. These are often the first options attackers will try when cracking passwords.
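The dictionary-word finding and the personal-information advice above can be turned into a screening step that a service runs when a user sets a password. The following is an added example, not part of the Kaspersky study: the function name `screen_password` and the sample inputs are hypothetical, and the word list holds only the strings quoted in this article (a real deployment would load a far larger list).

```python
import re

# Strings quoted in the article: names, common words, standard passwords.
COMMON_WORDS = {
    "ahmed", "nguyen", "kumar", "kevin", "daniel",
    "forever", "love", "google", "hacker", "gamer",
    "password", "qwerty12345", "admin", "12345", "team",
}

# Character classes the article lists for a "strong combination".
# Anything outside ASCII letters and digits counts as a symbol here.
CHAR_CLASSES = {
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def screen_password(password, personal_tokens=()):
    """Return the reasons a candidate password matches a pattern the article warns about.

    personal_tokens: details tied to the user (birthday digits, family or
    pet names, nicknames) supplied by the caller. An empty result means
    no known weak pattern was found, not that the password is strong.
    """
    lowered = password.lower()
    findings = []

    # Dictionary check: case-insensitive substring match, so a common word
    # is still caught when wrapped in digits, symbols or capital letters.
    hits = sorted(w for w in COMMON_WORDS if w in lowered)
    if hits:
        findings.append("contains common word(s): " + ", ".join(hits))

    # Personal details: skip very short tokens to avoid accidental matches.
    for token in personal_tokens:
        token = token.lower()
        if len(token) >= 3 and token in lowered:
            findings.append("contains personal detail: " + token)

    # Composition check: report which character classes are absent.
    missing = [n for n, pat in CHAR_CLASSES.items() if not re.search(pat, password)]
    if missing:
        findings.append("missing character class(es): " + ", ".join(missing))
    return findings
```

A constructed input such as `Kevin@2024!` passes the composition check yet is still flagged for the name it contains, which is the kind of password a composition-only rule would accept.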

While not directly related to password strength, enabling two-factor authentication (2FA) adds an extra layer of security. Even if a password is discovered, an attacker would still need the second factor to access the user's account.
